| Field | Value |
|---|---|
| File name | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.uue |
| Full analysis | https://app.any.run/tasks/0ffd8624-5932-47dd-b7b8-3e4fd7e43a1e |
| Verdict | Malicious activity |
| Analysis date | July 18, 2019, 06:51:41 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | 12DD8ED13DDE7594D9551A655BAFD169 |
| SHA1 | A8F5211F71DC4B8170DCC40902B0D91A5AF48C92 |
| SHA256 | DD766A3C69BC7E5B384540140EC3F383797AF109D07EA00F9EBFE173CB3863AE |
| SSDEEP | 12288:RpK1Cc55crUYZH/02h5YEFJjNBbeQ1W51kOfQK222:0Y1c2hVPeQ181pf6 |

| Extension | File type (TrID) | Match (%) |
|---|---|---|
| .rar | RAR compressed archive (v-4.x) | 58.3 |
| .rar | RAR compressed archive (gen) | 41.6 |

| Archive field | Value |
|---|---|
| CompressedSize | 531457 |
| UncompressedSize | 1084928 |
| OperatingSystem | Win32 |
| ModifyDate | 2019:04:24 08:15:28 |
| PackingMethod | Normal |
| ArchivedFileName | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe |

| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2952 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.uue.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | |
| 2612 | "C:\Users\admin\Desktop\Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe" | C:\Users\admin\Desktop\Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe | | explorer.exe |
| | User: admin; Company: hvix64; Integrity Level: MEDIUM; Description: RtDCpl64; Exit code: 0; Version: 503.806.715.494 | | | |
| 3692 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft .NET Assembly Registration Utility; Version: 2.0.50727.5420 (Win7SP1.050727-5400) | | | |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2612 | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe | C:\Users\admin\AppData\Roaming\whoami\CredentialUIBroker.vbs | text | D2569B1C5942ACAEF04A2073378C7D7D | 7A5B31BE749673F1F524FA423E17467A4878E28BB93B4AB6DF64C52A92E12D9F |
| 2612 | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CredentialUIBroker.url | text | 8A61642B80314BA0377633B3A15C2391 | 612667E00A80CB81CDFAADA321AAF63C59C058CEA1F924DC90DB3530850C18B4 |
| 2612 | Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe | C:\Users\admin\AppData\Roaming\whoami\CompMgmtLauncher.exe | executable | 76CFEA5E2ECE4E2F89E346930850B362 | 9F7B8F7209D20F0024F74648357CE726A2CB07CD525D5A84FC113DA07A9C5141 |
| 2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.24295\Circular 032 Sancionados a Nivel Nacional Abril 24 RAD29000393_0291.exe | executable | C9C8275280D0523859ADADF1CF5501D9 | 55BED4C0C354975F4B778AF43227D334D8D8ED89E6A4405E35F649EB7AF4C5F5 |

| PID | Process | IP:port | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3692 | RegAsm.exe | 186.85.86.196:1407 | hospisanjose.publicvm.com | Telmex Colombia S.A. | CO | malicious |

| Domain | IP | Reputation |
|---|---|---|
| hospisanjose.publicvm.com | | malicious |
| dns.msftncsi.com | | shared |